Posted by Soulskill on Tuesday November 13, 2012 @06:24PM
from the i'm-spartacus dept.

An anonymous reader writes "Certain iPhone and iPad applications from a Japanese company have broken software piracy detection mechanisms that are sending out tweets on the user's own Twitter account, saying, 'How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession.' The trouble is, it's sending these out on accounts of users who actually paid up to $50 or more for the software and who are legally using it. The app is asking for access to users' Twitter accounts, but does not give the reason why it is asking, so the author of the article concluded (rightly) that things were being done deliberately. Would you want your legally purchased software to send out messages to all of your contacts on Twitter or on other social networks saying that you were a software pirate? Would you excuse the writers of the software if it was just an error in their piracy detection measures?"

This app cost 50$ and it was only when the user got an update, that the app insisted on getting Twitter credentials. So he paid heavily for an app which subsequently sent out a dodgy update. Not a very nice practice.

I didn't actually realize it was a dictionary - people actually pay more than a buck or two for an app? Considering a dictionary is available online, $50 for a dictionary app seems to be kind of silly.

Considering a dictionary is available online, $50 for a dictionary app seems to be kind of silly.

Perhaps not to a journalist who earns his daily bread by reviewing applications for portable devices. It's one of his tools of trade.

The Web site approach that you talk about may work if you need one word in a month. However the browser is not a perfect interface. You need to scroll around, to zoom in, to zoom out... even a simple application that has only one input field and one output area will be a huge timesaver. This is important for journalists who routinely write articles, especially when those articles are in a foreign language (Norsk != English.)

However the browser is not a perfect interface. You need to scroll around, to zoom in, to zoom out... even a simple application that has only one input field and one output area will be a huge timesaver.

I can't speak for Japanese dictionary sites, but dictionary.com's mobile site [dictionary.com] is pretty straightforward--no pinching or zooming required.

I visited China recently, and paid £10 or so for Pleco. It's great: handwriting recognition of Chinese characters, OCR using the camera, and many more plugins I haven't paid for. All offline, I'd have used £10 many times over in roaming fees with an online app or site.

An app that's "all in one" doing something similar could easily be worth $50.

I noticed one of these twitter posts from Teller (the silent half of Penn and Teller) earlier today. I assumed it was a joke that I didn't understand, but it makes sense now.

I'm more than willing to make a statement in court to the effect that I assumed he was admitting to performing illegal acts if it helps in any subsequent lawsuit against the turd-like cretins who abused people's trust in their products by misrepresenting them publicly in this way.

The first EVER spam app hit the iPhone just this year - and was very promptly removed from the App Store.

"Just as antivirus researchers congratulated Apple for keeping the iPhone free of nasty apps five full years after its release, spammers seem to have finally tarnished that spotless record."

So I think it's fair to say that while not perfect (and who is?) that iOS has really done a remarkable job keeping the malware off its platform. Android has gotten better and I freely admit that, and it's a good thing. But it's definitely not up to snuff quite yet compared to the competition in that particular area.

What these articles about Android malware always fail to mention is that 99.9% of it requires you to tick the "Unknown sources" box and then agree to the warning message about it being your own responsibility to check what you install. IMHO if you did all that you have accepted that responsibility and should not expect Google to protect you.

The link you provided uses stats from Kaspersky. The people most likely to install an anti-virus product are the ones also installing lots of dodgy apps they download fr

Nope, does it have anything to do with assassinating the characters? Maybe it's related to those horrible laws against little boys yelling "WOLF" in small villages... I mean, that's both Sexist and Ageist.

The software owner should be legally charged.

Hmm. So, you're proposing we prosecute the people who bought the software that's defaming them, legally (as opposed to charging them... figuratively)? Isn't that a bit like yodeling "THEATER" in a crowded fire?

Legally charged? To me "charged" implies "charged with a crime", but character assassination isn't a crime; it would be Libel (or Slander) which is a tort. It would be fun, though, if users sued the programmer -- and in my opinion, yes, he is liable. At a minimum he should apologize and refund the purchase price to all affected users.

Regardless of whether piracy is right or wrong, people will always do it. It's an economic problem. Many people will stop if the price is low enough; for others, "free" in both senses is the only price low enough. This is reality, and it will never change. Creators and their associated industries need to get over it. There will never be a way to stop everyone, there will never be a way to catch everyone.

That said, it may also be good economics to implement DRM in some cases; you have to weigh the bene

How do we know it is falsely claiming that the users are pirates? The guy in the link admits to using Installous which is an application specifically crafted for piracy. Maybe he pirated it, maybe he didn't, but who likes to admit to being a criminal even when busted red-handed?

Because at least one instance of a false positive is known. The guy has the receipt. Nothing else matters; the guy is not a pirate.

The guy in the link admits to using Installous which is an application specifically crafted for piracy.

How does that change the fact that the guy has paid his dues with regard to the dictionary? Even if he pirated all other applications - which he denies - this doesn't give the dictionary a right to accuse the owner of anything. Besides, the guy claims that he needed Installous for a legitimate purpose: "you can use it to go back to an older version of an app you legally own. This is otherwise impossible in iOS."

How does that change the fact that the guy has paid his dues with regard to the dictionary? Even if he pirated all other applications - which he denies - this doesn't give the dictionary a right to accuse the owner of anything. Besides, the guy claims that he needed Installous for a legitimate purpose: "you can use it to go back to an older version of an app you legally own. This is otherwise impossible in iOS."

Difficult. Legally, it may very well be that if you have paid for a copy that you are not using, and then install another copy that you haven't paid for, it is copyright infringement even when no harm was done to the copyright owner. Not saying it is, but it might be. It may also be that paying for an app on the App Store gives you a license to install the app on several devices that you own, but not on a jailbroken device.

Clearly if the guy paid for the app, he is not a thief. On the other hand, the Sla

There's a simple solution: never install programs from an untrusted source, such as an app store. A source that's trustworthy has the sources you can download and read -- and if any such a logic bomb is found, it can be removed immediately -- not that code with such a bomb should be really allowed back without a thorough review. This possibility makes such sabotage virtually absent in free software.

Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the login command was being recompiled and insert so

I've been rather surprised at the porousness of Apple's walled garden. My iPad is 100% stock (not jailbroken, etc), and all of the apps came directly from the app store. A couple weeks ago I noticed some odd files in my dropbox root folder. There were two executables - one for Windows (Xbox 360 MSP Generator.exe.), one for OSX (IGenerate 6.7) - both for generating "free" XBox points. Fortunately Dropbox allows you to (via their web interface only) view the versions and history of files. Both those files came from my iPad. Then last week it happened again with just a windows executable (iLividSetup.exe), also from my iPad.

So some iOS app is interacting with the Dropbox app in some way (either via API or just throwing files into a folder that Dropbox must have all permissions open on). I have yet to determine which app it is. I only use 6 or 7 apps regularly, so I'm pretty sure it's not any of those, and I have yet to do a more systematic check on the other dozens of odd lesser used apps. The moral of the story is that these app stores are not foolproof by any means, and malware is still being approved, even if the attack vector is novel, dependent on a 3rd party app (dropbox) and is cross-platform.

When I click on Kdan mobile it's a 404. I triple checked my app history, and I have never installed that, or any other, PDF reader on my device. I've never needed to. I also have never given any access to dropbox for an app. Perhaps that is just a sham app the malware claims to be when getting access to dropbox?

Really? So you have sat down and read through every single line of code in everything you use? Or are you just believing some creature out there is doing that for you and hoping to god they spot the problems?

Android without a malicious telco is not outright bad. There's typically a bootloader and some minor parts that can't be reviewed, though -- and the phone really needs to be rooted and reloaded with some known-good build.

I'm not paranoid, but trusting people is good only if they have some incentive to be trustworthy. A closed app on the other hand gives them no benefits for being honest and plenty of opportunities to try to make additional dime at your cost.

...Of whether or not the user has pirated the software, this kind of name-and-shame digital vigilantism on the part of the software author is just playing with fire. Especially (but not only) when it's shoddily coded and hitting false positives.

I can imagine them sitting around their dev table brainstorming "Ok guys, what's the best possible way we can open the company up to libel and defamation lawsuits? Hey, I know... Let's even give people who use and rely on Twitter as a business tool an opportunity to claim commercial losses against us as a result of an automated piracy accusation going out to their X-million followers!"

The app is posting a tweet purporting to come from the user, whereas it actually comes from the app's author. As the app's message is implying that the user is violating copyrights, a crime, this is defamatory, so the author of the app is libelling the user. The user isn't a public figure, so doesn't have to prove malice on the part of the app's author. As I see it, the only defence for the app's author would be to prove that the user did illegally copy software.

As I see it, the only defence for the app's author would be to prove that the user did illegally copy software.

It wouldn't be even nearly enough. For example, an ISV cannot set fire to your house upon detection of unauthorized use. There is a specific limit to what software developers may do when they have a good reason to suspect piracy. Have a look at Microsoft's solution - MS had enough lawyers thrown at the problem, so what MS did is basically the maximum of what is legal and safe.

In this case the software developer committed several crimes. And those crimes do not even PREVENT the piracy! What would prevent it? Simple: just don't run the software! Or run it in demo mode. Good solutions are numerous.

One good advice that got overlooked here is this: always maintain good communication. Talk to the user. Let the user always know what is happening. Let the user make his decisions. In this case the software bypassed the communication phase and decided to become not only the detective, but also the judge, the jury and the executioner. Note that only a judge can order a convicted offender to publicly humiliate themselves. This rarely happens, but such sentencing does occur now and then - usually as an offer that can be refused (if you like the inside of a prison more, for example.) This software took upon itself the right that rare a human is entrusted with.

In many western countries truth is an absolute defense. Where the US is unique is in the public figure doctrine [wikipedia.org] (you need to prove actual malice as well as falsity when you're a public figure plaintiff). Also the onus is reversed in the US. The defendant is not automatically considered to be "guilty". It's up to the plaintiff to prove the defendant made a false statement of fact.

The company you want to avoid from now on is called "Enfour", and they deserve to have this bullshit rubbed in their face. If you want to sock 'em in the gut, email Apple and explain to them what happened after you legitimately purchased the app, and ask for a refund. I'm sure this is breaking one of their SDK rules somewhere, but even if it isn't, they have a walled garden to protect legitimate users from this kind of crap. When stuff like this gets past them, it makes Apple look bad as well as the company who wrote it.

So email Apple and tell them how you feel about this betrayal of trust. Tell them the app has publicly humiliated/embarrassed you, that you want a refund, and that this whole situation has shaken your confidence in Apple's walled garden. If enough people do this, Apple will turn around and tear a strip off Enfour, either by freely issuing refunds to anyone who asks for it, or by taking down the offending apps (goodbye sales!), or by banning the developer.

Apple should provide anti-piracy protection to its developers. It could--it is a walled garden and each device has a unique ID... but chooses not to. Most developers don't make a penny selling iOS software... Apple should take as many steps as possible to encourage a healthy marketplace for quality developers. Ideas such as waiving the $99/year fee for apps that are good but not yet profitable would be a start. And re-vamping the app store to make it easier to find software would be another good first step.

Only if the device can be jailbroken you can use pirated software in it. If you are using the most recent version of the OS at this time you simply can't do it, what more do you expect them to do? All the jailbreaks are basically methods to break the security model of the OS.

I'm finding more frequently the reason people use a pirated version is to avoid this type of stuff. I'd be willing to bet only 25% of their customer base knows that. I'd also be willing to bet future customers are going to think twice about paying.

Why did Enfour do it? "Only 25% of our apps in use are legitimate copies. Piracy is threatening the survival of all independent devs," she wrote.

The common thread you see in many cases of software or content which are heavy on the anti-piracy (advocacy, DRM, etc) is that they (er, the organisation responsible) have no integrity, no shame, and are mostly hypocrites.

Not absolutely every one of them, but near enough that to say otherwise is nothing more than legal nit-picking.

Seriously folks, when will Big Business (and even some small ones) stop thinking that ALL their customers are a bunch of ratbags, when will they stop thinking that THE UNIVERSE

This is a serious problem for both Android and iOS apps, and it's something that Blackberry had figured out from the very beginning. On the Blackberry, the user has a CHOICE as to whether to allow the apps access or not. You don't just get a screen saying "the app needs access to these things" and you have the options of exactly "take it or leave it." You get little checkboxes to say "No, the app can't access my personal contacts" and the app will still install, run, and work without access to your perso

If I am unsure of the spelling of a word or not entirely sure of the meaning I just type it into the Chrome URL box and I end up with a Google search with corrected spelling and links to the definition by default.

Probably not as easy on an iPad of course... but $50 for any iPad app seems exorbitant. Unless I am missing something, if the point of the app is to be a dictionary, you really don't need an app (rig up a web service or something?). Ok this app has sound bytes for pronuncia

Many many years ago, the Amiga IRC client "AmIRC" used to do a similar thing if you had a known pirated key. Everything sent to the IRC channel would come out as "/me is a lame software pirate", however would appear normal to the user themselves (so they were usually unaware until someone told them).

It was actually fairly well accepted as a clever and cute anti-piracy mechanism; but unlike the app in TFA, it never screwed up (as far as I heard about).

Flamebait much? People pay far more than that for desktop apps. People tend to think that an iOS iPhone or iPad app is going to always be some simple thing, and a lot are. But there are plenty of higher end "desktop quality" apps available on the platform.

Granted I don't personally believe a Dictionary app would be, but hey, an app is worth what people are willing to pay.

Back to the topic of what's triggering these erroneous piracy messages, there could be a couple of things at play. Some people are reporting it's happening on jailbroken devices that also have the "Install0us" app installed, which is to be fair used solely for app pirating. It may be the app sees "Hey, I'm on a hacked device with a pirate store installed" and is assuming it itself has been pirated for that reason.

However, other users are reporting the same issue on non-jailbroken devices, which leads me to believe that these apps were targeted for iOS 5.1.1 and may be seeing the massive backend library and OS changes Apple made for iOS 6 and incorrectly assuming it's running on a jailbroken device due to unexpected OS differences.

I'm not defending the app maker for obviously going overboard on anti-piracy measures, just trying to figure out the 'why' of it being triggered for paying customers.

" the "Install0us" app installed, which is to be fair used solely for app pirating."

No it's not.

It's also one of the easiest (and in some cases only) ways you can revert to previous versions of apps. I don't pirate apps on iOS, and I rarely have a use for Install0us, but a couple of times it's saved me when a newer version of an app was unusable and Install0us was the only way to get a previous version re-installed and running again.

In the spirit of being fair though, ya, it's mostly for pirating, but I wouldn't jump to the definitive conclusion that someone who has it on their iOS devices is pirating apps.

Its function truly is piracy, but it has a lot of utility in legitimate scenarios.

That said, it's on my phone so that I can downgrade, and so that I can try apps that don't have a free version. I've wasted too much money on apps that I literally had to buy before figuring out they don't work right or don't fit the bill for what I want.

When I'm in a country where I have severely limited vocabulary in the local language, a good dictionary application is one of those can't-live-without things that I actually do depend on for getting by. I haven't seen how good this application is/isn't, but I'd pay more than $50 for a great dictionary app. Also, a mobile version is more valuable than a desktop version. I know from experience what it's like pulling a notebook computer out of a bag when I get stuck trying to read a sign or communicate with a stranger. I'll give you a hint: it's not as practical as pulling a phone out of your pocket.

A very quick search (quicker than responding to your post) has turned up a list of 15 apps in the range of $150 to $999.99, none of which is Photoshop but all of which are worth the purchase price to the user who is really REALLY going to use any of those apps.

Traveling on I-87 northbound and we got stuck in traffic. Stop and Go snail pace traffic.

Out comes a shiny glittering wonder of the world iphone with a 50$ map/direction/traffic application. "This is the BEST EVAAAR, DUDE!" the guy said. "Let me get us out of here". Everybody rejoiced. Alas, the joy did not last long. The app had no idea about the current traffic that we were sitting in.

Out comes an android. Not so shiny, mind you. It had this free little known map application called Goog

Except that he explained the reasoning for having Installous on a jailbroken phone, and others have rung in saying that Installous isn't what's flagging it, or the only reason.

There is no rational for having installous on a jailbroken phone other that to install pirated apps.

TFA:

When Scanner Pro, which I also legally own, introduced a bug in the app that made the app stop working completely on my device. Installous lets you browse a list of available pirated versions of the app, which also means you can use it to go back to an older version of an app you legally own.

Does the above say something about your rational abilities? Naaahh... a simpler explanation exists: who the hell bothers to actually RTFA?

<advocate client="devil">
Note that he does not "legally own" Scanner Pro as he claims, rather he holds a license which permits him to use it under certain conditions. I rather doubt those conditions include "download old versions from piracy apps", so he surely is using it precisely to violate copyright, or in the common parlance, "to install pirated apps", despite the apps not having been taken by force on the high seas.</advocate>

Copyright law: it's hilariously busted, but let's fix or eliminate it rather than making excuses for violating it.

<advocate client="devil"> I wouldn't be that sure he's using it precisely in the sense of copyright violation, his description of the problem admits a situation in which he actually has a license for a version that, upon upgrade, failed to work.
If indeed this is his situation, he has a license to use the application (perhaps even in its newer version, otherwise why try to upgrade?), but the application fails to be usable in his conditions. In which case, what he is doing is not illegal and maybe more

There will be a license. It's that wall-o-text that no-one reads. You can't be sure of the legal situation regarding downgrades without reading that - but it's something rarely enough done that I doubt the license even addresses the issue.

The author of the article admits to using Installous, which is a program for installing pirated iOS applications.

And a hammer can be used to crack skulls as well as for any problem that looks like a nail. Should we shame the hammer users?
(my point: don't blame a tool, because a tool is a tool)

When Scanner Pro, which I also legally own, introduced a bug in the app that made the app stop working completely on my device. Installous lets you browse a list of available pirated versions of the app, which also means you can use it to go back to an older version of an app you legally own.

For all the high-and-mighty talk Apple bandies about regarding how carefully they analyze every app before approving it to be posted in the App Store, there sure are a lot of iOS Apps that do shady stuff like this.

This app doesn't do anything bad apparently unless it is installed on a jailbroken device. In that case, all odds are off. It may even be that the app is sandboxed and cannot do what it does on a non-jailbroken device.